Home / News I have a News Tip

Major Regulatory Changes Needed as Safety and Security Merge, Warns European Commission Report

University of Cambridge's Professor Ross Anderson explains why safety should be higher on the agenda than privacy.  (From the Computerphile YouTube channel)

As we increasingly move towards an IoT world, vendors of safety-critical devices will be patching their systems just as regularly as phone and computer vendors do now. Researchers warn that many regulators who previously thought only in terms of safety will have to start thinking of security as well. From a recent project conducted by a research group at Computer Laboratory of the University of Cambridge for the European Commission, comes a report on what will happen to safety regulation once computers are embedded invisibly everywhere. This will require major changes to safety regulation and certification, the report warns.

"At present, the regulation of safety is largely static, consisting of pre-market testing according to standards that change slowly if at all. Product recalls are rare, and feedback from post-market surveillance is slow, with a time constant of several years. In the future, safety with security will be much more dynamic; vendors of safety-critical devices will patch their systems once a month, just as phone and computer vendors do now. This will require major changes to safety regulation and certification, made more complex by multiple regulatory goals. For these reasons, a multi-stakeholder approach involving co-vigilance by multiple actors is inevitable."

"The EU is already the world's main privacy regulator, as Washington doesn't care and nobody else is big enough to matter ... The strategic political challenge facing the European Union is whether it wants to be the world's safety regulator. If it rises to this challenge, then just as engineers in Silicon Valley now consider Europe to be the world's privacy regulator, they will defer to Europe on safety too. The critical missing resource is expertise on cybersecurity, and particularly for the European regulators and other institutions that will have to adapt to this new world."

"The strategic research challenge will include how we make systems more sustainable. At present, we have enough difficulty creating and shipping patches for two-year-old mobile phones. How will we continue to patch the vehicles we're designing today when they are 20 or 30 years old? How can we create toolchains, libraries, APIs and test environments that can be maintained not just for years but for decades?"

Related topics: Cyberattack, Cybersecurity, Internet of Things, Policy & Regulation


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper


Sponsored by Verisign

DNS Security

Sponsored by Afilias

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Post

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals